Set additional filter parameters for Qualys imports

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read

    • Customize the filtering parameters for your scheduled queries with the Qualys Vulnerability Integration to help you further refine the vulnerability data you import with the supported Qualys integrations.

    Before you begin

    Use cases: As a vulnerability manager or analyst, you might want to filter out data from your queries so that you can review only specific vulnerability details. For example, say you want to view imported vulnerabilities that are filtered by specific IPs or IP ranges. Or, you want to import only machines that are under your scope, for example, only machines within your corporate network that are not external devices.

    To help you gather this data, you might add Qualys parameters to help you import the specific vulnerability details you need.

    Without adding additional API calls or coding, this feature permits you to customize your HTTP Request information with Qualys parameters in your ServiceNow AI Platform. You modify or add these values on your HTTP Method record under the REST method for the supported Qualys integrations of the Qualys Vulnerability Integration.

    Role required: sn_vul.vulnerability_admin

    Procedure

    1. Locate the parameters supported by the Qualys product on the developer site that you want to use for your filtering.
      Parameters and values you enter from the Qualys product are supported only at the integration instance level in your ServiceNow AI Platform. All Qualys Integrations support filtering using query parameters.
    2. Navigate to All > Qualys Vulnerability Integration > Administration > Primary Integrations.
    3. On the Qualys Integrations list page, click the record for the integration that you want to open the record.
    4. With the Qualys REST Details tab selected, locate and click the information icon (I) for REST method followed by Open Record to open the HTTP Method record.
    5. Select the HTTP Request tab.
    6. In the HTTP Query Parameters for the request body, add the values you got from the Qualys developer site.

      In the following image, as an example, the parameter that ingests only certain IP addresses/ranges, ips={value} has been added. In this case, value is one or more IPs/ranges that you specify. Multiple entries are comma separated, 172.10.2.71, 172.10.3.159, and a range is specified with a hyphen, 10.10.10.1-10.10.10.100. Refer to the Qualys developer site for more information.

      Content field in Qualys HTTP Method record populated with IP address range

      If you want to enter more than one parameter, refer to the Qualys documentation for more information about how to separate each value.

      Note:
      You should be aware of you API requirements. You might have to add these API properties to the Query Parameters, or to the body content.
      Some other parameters you might find useful from the Qualys developer site:
      • ag_ids - Asset Group list IDs to retrieve. This parameter ensures only machines under your scope are brought in.
      • qids - This parameter limits results to only certain vulnerabilities (QID in Third-Party Entry table). This setting prevents flooding your system with informational records.
    7. Click Update.